JDATATRANS for Array Obfuscation in Java Source Code to Defeat Reverse Engineering from Decompiled Codes

Software obfuscation or obscuring a software is an approach to defeat the practice of reverse engineering a software for using its functionality illegally in the development of another software. Java applications are more amenable to reverse engineering and re-engineering attacks through methods such as decompilation because Java class files store the program in a semi complied form called 'byte' codes. The existing obfuscation systems obfuscate the Java class files. Obfuscated source code produce obfuscated byte codes and hence two level obfuscation (source code and byte code level) of the program makes it more resilient to reverse engineering attacks. But source code obfuscation is much more difficult due to richer set of programming constructs and the scope of the different variables used in the program and only very little progress has been made on this front. Hence programmers resort to adhoc manual ways of obscuring their program which makes it difficult for its maintenance and usability. To address this issue partially, we developed a user friendly tool JDATATRANS to obfuscate Java source code by obscuring the array usages. Using various array restructuring techniques such as 'array splitting', 'array folding' and 'array flattening', in addition to constant hiding, our system obfuscate the input Java source code and produce an obfuscated Java source code that is functionally equivalent to the input program. We also perform a number of experiments to measure the potency, resilience and cost incurred by our tool.Comment: Manuscript submitted to ACM COMPUTE 2009 Conference,Bangalor

PAgIoT - Privacy-preserving aggregation protocol for internet of things

Modern society highly relies on the use of cyberspace to perform a huge variety of activities, such as social networking or e-commerce, and new technologies are continuously emerging. As such, computer systems may store a huge amount of information, which makes data analysis and storage a challenge. Information aggregation and correlation are two basic mechanisms to reduce the problem size, for example by filtering out redundant data or grouping similar one. These processes require high processing capabilities, and thus their application in Internet of Things (IoT) scenarios is not straightforward due to resource constraints. Furthermore, privacy issues may arise when the data at stake is personal. In this paper we propose PAgIoT, a Privacy-preserving Aggregation protocol suitable for IoT settings. It enables multi-attribute aggregation for groups of entities while allowing for privacy-preserving value correlation. Results show that PAgIoT is resistant to security attacks, it outperforms existing proposals that provide with the same security features, and it is feasible in resource-constrained devices and for aggregation of up to 10 attributes in big networks.This work was partially supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and the CAM grant S2013/ICE-3095 CIBERDINE-CM (CIBERDINE: Cybersecurity, Data, and Risks) funded by the Autonomous Community of Madrid and co-funded by European funds